RE: [fw-wiz] result question

From: Mike Hoskins (mike_at_adept.org)
Date: 08/29/03

  • Next message: Patrick M. Hausen: "Re: [fw-wiz] An interesting VPN problem"
    To: firewall-wizards@honor.icsalabs.com
    Date: Thu, 28 Aug 2003 17:35:55 -0700 (PDT)
    
    

    Subject: RE: [fw-wiz] result question
    Date: Thu, 28 Aug 2003 15:09:26 -0400
    From: "Whiteside, Larry [contractor]" <BAE14@SPHQ.SSP.NAVY.MIL>
    To: "rmck" <rmckeever@earthlink.net>,
            <firewall-wizards@honor.icsalabs.com>
    > assuming that the port is open because there is no response. Doing UDP =
    > scans with NMAP, it wants to see a TCP reset or something to tell NMAP =
    > that it is closed. I am not sure what response it is looking for doing a
    > FIN scan, but it is probably something similar.

    UDP wants ICMP type 3. FIN wants RST. that's all in nmap(1). UDP scans
    are more useless than normal if you're blocking all ICMP somewhere along
    the line. but don't do that, you'll break PMTUD.

    -mrh

    --
    From: "Spam Catcher" <spam-catcher@adept.org>
    To: spam-catcher@adept.org
    Do NOT send email to the address listed above or
    you will be added to a blacklist!
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Patrick M. Hausen: "Re: [fw-wiz] An interesting VPN problem"

    Relevant Pages

    • Re: nmap udp scan takes too long
      ... Reason is that nmap waits for a response, retries, waits etc. ... Once it decides the port is not responding it continues. ... because nmap tries different ports simultaneously. ... udp scan takes so long mostly. ...
      (Security-Basics)
    • Re: Identifying Kernel 2.4.x based Linux machines using UDP
      ... > Linux Kernel 2.4.x has a bug with the UDP implementation which allows ... It also isn't specific to UDP -- you'll find ... Last year I added a feature to Nmap which automates this IPID ...
      (Bugtraq)
    • Re: ICMP pokes holes in firewalls...
      ... > These are UDP services that open the firewall for inbound traffic. ... back the client port. ... for a period of time after the initial response. ... Once a nice target has been identified and their NAT gateway has been ...
      (Bugtraq)
    • Re: nmap udp scan takes too long
      ... But unicornscan beats nmap as it comes to udp scanning. ... Open and filtered ports rarely send any kind ...
      (Security-Basics)
    • Re: how nmap can know my firewalled servers ?
      ... UDP or ICMP protocol), it will mark the port as closed. ... descrition, how NMAP determins, if the UDP port is open or closed. ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ...
      (Security-Basics)